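<?php
/**
 * Login handler.
 *
 * Checks the optional verification code, records the attempt in `loginlog`,
 * looks the account up in `users`, and on exactly one match populates the
 * session: identity, rights, e-mail, nick, reference, and (for rights starting
 * with "B") the comma-separated list of accounts that reference this user.
 *
 * Nothing, not even a UTF-8 BOM, may precede the opening tag: output sent
 * before the session functions run prevents the session cookie from being set.
 */
require_once("./include/db_info.inc.php");

// Accept only plain strings; array-valued fields (e.g. vcode[]=x) count as absent.
$vcode = (isset($_POST['vcode']) && is_string($_POST['vcode'])) ? trim($_POST['vcode']) : '';
$expected_vcode = isset($_SESSION['vcode']) ? (string)$_SESSION['vcode'] : '';

// Strict string comparison: loose != treats numerically equal strings
// ("1.0" vs "1", "0e1" vs "0e2") as the same verification code.
// NOTE(review): the code stays valid after a wrong guess; consider issuing a
// new one per attempt if the form can reload the image.
if ($OJ_VCODE && ($vcode === '' || $vcode !== $expected_vcode)) {
    echo "<script language='javascript'>\n";
    echo "alert('Verify Code Wrong!');\n";
    echo "history.go(-1);\n";
    echo "</script>";
    exit(0);
}

$raw_user_id = (isset($_POST['user_id']) && is_string($_POST['user_id'])) ? $_POST['user_id'] : '';
$raw_password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

// mysql_real_escape_string() honours the connection character set, which the
// deprecated mysql_escape_string() does not. It relies on the connection that
// the include is presumed to open (the queries below rely on it as well).
$user_id = mysql_real_escape_string($raw_user_id);

// NOTE(review): unsalted MD5 is not a password hash. Moving to
// password_hash()/password_verify() needs a migration of `users`.`password`,
// so the stored format is left unchanged here.
$password = md5($raw_password);

session_destroy();
session_start();
// session_destroy() does not clear the client's cookie, so session_start()
// resumes the same session ID; replace it so a pre-planted ID cannot be used
// after login (session fixation).
session_regenerate_id(true);

// NOTE(review): this stores the hash of every submitted password, including
// failed guesses, in `loginlog`. Confirm nothing reads that column and log the
// outcome instead.
$remote_addr = mysql_real_escape_string($_SERVER['REMOTE_ADDR']);
$sql = "INSERT INTO `loginlog` VALUES('$user_id','$password','$remote_addr',NOW())";
if (!mysql_query($sql)) {
    // Keep driver error text in the server log; do not show it to the client.
    error_log('login: loginlog insert failed: ' . mysql_error());
    die('Login failed: database error.');
}

$sql = "SELECT * FROM `users` WHERE `user_id`='" . $user_id . "' AND `password`='" . $password . "'";
$result = mysql_query($sql);
$cnt_row = $result ? mysql_num_rows($result) : 0;

if ($cnt_row == 1) {
    $row = mysql_fetch_object($result);
    mysql_free_result($result);

    $_SESSION['user_id'] = $row->user_id;
    $_SESSION['user_rights'] = $row->rights;
    $_SESSION['user_email'] = $row->email;
    $_SESSION['user_name'] = $row->nick;
    $_SESSION['user_reference'] = $row->reference;

    if (substr($row->rights, 0, 1) === "B") {
        // Values read back from the database are escaped again before being
        // placed in a new statement (second-order injection).
        $sql = "SELECT * FROM `users` WHERE `reference`='" . mysql_real_escape_string($row->user_id) . "'";
        $child_result = mysql_query($sql);
        if ($child_result) {
            if (mysql_num_rows($child_result)) {
                // Format: ",id1,id2,...," with a leading and trailing comma.
                $children = ",";
                while ($data = mysql_fetch_array($child_result)) {
                    $children .= $data['user_id'] . ',';
                }
                $_SESSION['children'] = $children;
            }
            mysql_free_result($child_result);
        }
    }

    $sql = "SELECT * FROM `users` WHERE `user_id`='" . mysql_real_escape_string($row->reference) . "' limit 1";
    $ref_result = mysql_query($sql);
    if ($ref_result) {
        if (mysql_num_rows($ref_result)) {
            $ref_row = mysql_fetch_object($ref_result);
            $_SESSION['user_ref_email'] = $ref_row->email;
        }
        mysql_free_result($ref_result);
    }

    echo "Welcome";
    echo "<script language='javascript'>\n";
    echo "history.go(-2);\n";
    echo "</script>";
} else {
    if ($result) {
        mysql_free_result($result);
    }
    echo "<script language='javascript'>\n";
    echo "alert('Tên đăng nhập hoặc mật khẩu không đúng!');\n";
    echo "history.go(-1);\n";
    echo "</script>";
}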
